Donate Bitcoin to this wallet:1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfmDonate Ethereum to this wallet:0x40E56922F43637224935CDC35e2c96E0392A8505Donate Litecoin to this wallet:LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL

Pinned: Heimdal FREE 2.2.6
Heimdal FREE 2.2.6
We protect you from attacks that antivirus can't block.
Automate your software updates and sanitize your vulnerable apps.
Keep your apps up to date automatically and silently
Software updates are a hassle. No doubt about it! They can be distracting or downright annoying. Heimdal FREE makes updates hassle-free by automating them.
Heimdal downloads and installs updates automatically, as soon as they're available. It all happens in the background, without interrupting your work (or fun).
This works even on limited user accounts and you can check the applied updates in the Activity Reports anytime you want.
Closes critical security vulnerabilities in your software
Outdated applications include many security holes that cyber criminals exploit in their attacks. Don't let your vulnerable applications expose you to cyber threats.
Use Heimdal FREE and it'll install updates fast and safely, saving you time and energy. This key action blocks 85%* of web attack angles used by malicious hackers (according to US CERT).
Heimdal FREE keeps your browsers, utilities and other apps up to date and prevents your software from getting infected with malware.
Install new apps safely, with one click
Heimdal FREE helps you avoid confusing, risky websites, spyware, adware and tool bars when looking for new apps to install.
Choose from a list of over 20 applications and install new software with one click. The latest version is always available and you don't have to download and run an installer. Safe, easy and quick!
So simple anyone can use it
Heimdal FREE is incredibly simple to use, no matter your age or PC skills. Every 2 hours, Heimdal FREE scans your computer to see if any updates are available.
All you have to do is download and run the installer, set it on Autopilot and that's it. Heimdal will automatically work each time you turn on your computer.
From senior citizens to the ...

792

Aug 09, 2018HEIMDAL SECURITY

Pinned: Malwarebytes Anti-Malware 3.6.1.2711
Malwarebytes Anti-Malware 3.6.1.2711
Malwarebytes 3.0. Four layers of malware-crushing tech. Smarter detection. Specialized ransomware protection.
It's the security you’ve been looking for.
What it does for you
Malwarebytes Premium protects you from advanced threats
Protects you from advanced threats
Detects and removes malware in real-time with advanced anti-malware, anti-spyware, and anti-rootkit technology. Scans for the newest and most dangerous threats automatically, so you’re protected without having to even think about it.
Malwarebytes Premium protects your files from being locked and held for ransom
Protects your files from being locked and held for ransom
Stops unknown and known ransomware with proprietary next-gen technology that works proactively to shield your files. This is a powerful, comprehensive defense that blocks ransomware, and not a simple decryption tool. So you’re protected from tomorrow’s “Ransomware Attack!” headlines today.
Malwarebytes Premium Prevents your programs from being used against you
Prevents your programs from being used against you
Wraps your browser and software programs in four layers of defense, stopping attacks that use vulnerabilities in those programs to infect your computer.
Malwarebytes Premium protects you from fake and infected websites
Protects you from fake and infected websites
Detects and prevents contact with fake websites and malicious links. You are proactively protected from downloading malware, hacking attempts, and infected advertising. Worried about wandering into a “bad” Internet neighborhood? Now you don’t have to be.
Malwarebytes Premium scans faster, scans smarter
Scans faster, scans smarter
Lightning-fast Hyper Scan mode targets only the threats that are currently active. Faster analysis. Still gets results. Run a scan in the background while you boot up your favorite game. It's done by the time you're ready to play.
Full protection or simple disinfection?
Download Malwarebytes 3.0 for free and you get 14 days of full real-time protection. After the 14 days are up, Malwarebytes 3.0 reverts to a very limited but still free version that will only disinfect your computer after an attack. ...

8,539

Sep 20, 2018Malwarebytes.org

Acronis Ransomware Protection Build 1310
Acronis Ransomware Protection Build 1310
Free, battle-tested defense against ransomware.
Blocks attacks
Stop both known and never-before-seen ransomware
Recovers files
Access local cache to restore damaged data easily
Backup to the Cloud
Update your files automatically every 15 minutes
5 GB Cloud Free
Put your most important files out of harm’s way
Ransomware attacks someone every 10 seconds. Don’t be a victim. Our free tool delivers proven, powerful protection from ransomware like Petya, WannaCry and Osiris, and it’s completely compatible with all leading anti-malware solutions.
Constantly guards against bad behavior
Ransomware viruses can’t infect your system on Acronis’ watch. Our technology monitors your system in real-time, distinguishing normal activities from suspicious ones like unauthorized encryption. By recognizing bad behavior, it spots ransomware whether the strain is known or not.
Immediately stops ransomware attacks
If a process is caught trying to encrypt your files or inject malicious code into your system, Acronis stops it before any damage is done. You’re instantly notified that something suspicious was found. Then you can either block the activity or allow it to continue.
Easily restores any affected files
After blocking the ransomware attack, Acronis Active Protection will help you restore any files that might have been altered or infected. Our tool searches for the latest file versions and can recover clean copies from your cache, temporary files, or backup.
Automatically secure files in the cloud
With 5 GB of free cloud storage, you’ll not only protect your data during a ransomware attack, but also from disk failures, disasters and accidental deletions. Plus, cloud backups let you access your files from anywhere on any internet-enabled device. That’s extra protection with added convenience.

748

Aug 09, 2018Acronis International GmbH.

AlternateStreamView 32bit 1.55
AlternateStreamView 32bit 1.55
AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into text/html/csv/xml file.
System Requirements
This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported.
Known Issues
It seems that starting from Windows 7, the standard 'Open With' dialog-box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work...
Versions History
Version 1.55:
Fixed bug: AlternateStreamView failed to remember the last size/position of the main window if it was not located in the primary monitor.
You can now send the data to stdout by specifying empty string as filename, for example:
AlternateStreamView.exe /scomma "" | more
About Alternate Streams in NTFS File System
NTFS system has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while other additional streams are hidden from the user.
Here's 3 examples of alternate streams usage in Windows operating system:
Favorites of Internet Explorer: When You add a Web site link into your 'Favorites', a .url file containing the url and description is created. However, if the Web site also have an icon (favicon), the icon is saved as alternate stream for the same url file. The stream name of the icon is :favicon:$DATA
Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it ...

4,335

Oct 02, 2018Nir Sofer

AlternateStreamView 64bit 1.55
AlternateStreamView 64bit 1.55
AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into text/html/csv/xml file.
System Requirements
This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported.
Known Issues
It seems that starting from Windows 7, the standard 'Open With' dialog-box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work...
Versions History
Version 1.55:
Fixed bug: AlternateStreamView failed to remember the last size/position of the main window if it was not located in the primary monitor.
You can now send the data to stdout by specifying empty string as filename, for example:
AlternateStreamView.exe /scomma "" | more
About Alternate Streams in NTFS File System
NTFS system has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while other additional streams are hidden from the user.
Here's 3 examples of alternate streams usage in Windows operating system:
Favorites of Internet Explorer: When You add a Web site link into your 'Favorites', a .url file containing the url and description is created. However, if the Web site also have an icon (favicon), the icon is saved as alternate stream for the same url file. The stream name of the icon is :favicon:$DATA
Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it ...

4,407

Oct 02, 2018Nir Sofer

Antivirus Live CD v27.0-0.100.2
Antivirus Live CD v27.0-0.100.2
Antivirus Live CD is a 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. Both Ethernet (including Wi-Fi) and dial-up (including fast USB modems) Internet connections are supported to enable automatic updates of the virus signature database. All partitions are mounted automatically during boot so that they can be scanned by ClamAV (the supported filesystems are: btrfs, ext2, ext3, ext4, f2fs, fat16, fat32, hfs, hfs+, jfs, nilfs2, ntfs, reiser4, reiserfs, and xfs). Antivirus Live CD images are fully compatible with UNetbootin, which can be used to create an easy-to-use Antivirus Live USB.

2,196

Nov 16, 2018zk1234

Antivirus Remover 2.35
Antivirus Remover 2.35
Antivirus Remover is a simple to use application that enables you to remove the antivirus software installed on your computer and clean any trace from the system registry or temporary files. Antivirus Remover is a reliable security tool and allows you to make sure your former antivirus is not in conflict with a new one.
Antivirus Remover will download and run most if not all third party uninstallers.
Changelog:
Added: Windows Defender (only for Windows Vista and Windows 7)
Change: Dialog wording of detected antivirus that is installed, Instead of saying "remove" has been changed to DOWNLOAD"

3,280

Aug 09, 2018Brocke

AntiWebMiner 1.1.0.3
AntiWebMiner 1.1.0.3
AntiWebMiner protects your PC against web cryptocurrency miners (JS scripts like Coinhive executed in the browser) by modifying Windows hosts file.
Why?
The coin mining in a browser using scripts like Coinhive is a real problem for everyone. These scripts may cause your browsers working slow or fully unresponsive, drain a battery of your notebook. Any webmaster may add only one line to a code of website to start monetizing by coin mining. AntiWebMiner blocks scripts using a "blacklist" database of hosts like "Coinhive".
AntiWebMiner modifies a Windows hosts file for disabling connection attempts to "blacklisted" sites.
Benefits!
This protection works for all browers. You don't need to install a browser extension.
Features:
AntiWebMiner includes automatical updater of the blacklisted sites.
Free!
AntiWebMiner is an open source software, license by Apache 2.0.

736

Aug 09, 2018Greatis Software

Attack Surface Analyzer 1.0.0.0 32bit
Attack Surface Analyzer 1.0.0.0 32bit
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.
Attack Surface Analyzer is developed by the Trustworthy Computing Security group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to operating system attack surface by the installation of new software.
This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Supported Operating System
Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
Collection of Attack Surface data: Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Analysis of Attack Surface data and report generation: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012. Microsoft .NET Framework 4 is required.
Note: To run Attack Surface Analyzer, you will require Administrator privileges on the computer.
Collecting attack surface information with .NET Framework 4 installed
C1. Download and install Attack Surface Analyzer on a machine with a freshly installed version of a supported operating system, as listed in the System Requirements section. Attack Surface Analyzer works best with a clean (freshly built) system. Not running the Attack Surface Analyzer ...

1,277

Aug 09, 2018Microsoft

Attack Surface Analyzer 1.0.0.0 64bit
Attack Surface Analyzer 1.0.0.0 64bit
Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.
Attack Surface Analyzer is developed by the Trustworthy Computing Security group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to operating system attack surface by the installation of new software.
This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)
Supported Operating System
Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
Collection of Attack Surface data: Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Analysis of Attack Surface data and report generation: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012. Microsoft .NET Framework 4 is required.
Note: To run Attack Surface Analyzer, you will require Administrator privileges on the computer.
Collecting attack surface information with .NET Framework 4 installed
C1. Download and install Attack Surface Analyzer on a machine with a freshly installed version of a supported operating system, as listed in the System Requirements section. Attack Surface Analyzer works best with a clean (freshly built) system. Not running the Attack Surface Analyzer ...

1,314

Aug 09, 2018Microsoft

Avast Browser Cleanup 12.1.2272.125
Avast Browser Cleanup 12.1.2272.125
Restore your browser to its initial, clean state.
Get rid of dangerous and annoying extensions, toolbars, or hijacked searches.
Remove bad add-ons
It makes you safer, and it can substantially speed up your browser and the whole PC.
Browser Cleanup removes only add-ons with bad reputations. You can continue to enjoy the good ones..
Restore search settings
See untampered results and stop funding obscure software vendors.
How do they hack your browser?
Intrusive extensions often get added on during the installation of an otherwise legitimate program, without you even noticing.
Bad add-ons…
Track what you do online
They see all the websites you’ve visited or will visit. Your browsing data means money for them.
See data in your computer
It’s as easy as that. Maybe you don’t want everyone to see your photos from last summer.
Manipulate your search results
They can inject false results into your search pages – and they get paid for it.
Slow down your browser
They run in the background no matter whether you’re browsing the Web or not.
Are difficult to remove
They contain measures that make it hard for you to get them out of your computer.

1,757

Aug 09, 2018AVAST Software s.r.o.

Avast! Free Edition 18.1.3800.0
Avast! Free Edition 18.1.3800.0
Avast! is a package of applications that aim to protect your computer from a possible virus infection or other malware threat. If you use it correctly, and in combination with other programs such as data backup utilities, it will significantly reduce the risk of your computer being attacked or infected by a virus, and thus the risk of losing important or private data.
Based on the award-winning avast! antivirus engine, avast! antivirus contains all of the features you would expect in a modern antivirus program. It incorporates anti-spyware technology certified by West Coast Labs' Checkmark process, as well as anti-rootkit and strong self-protection capabilities, but now provides even faster scanning with improved detection ability. It contains several real-time "Shields" which continuously monitor your email and internet connections and check the files on your computer whenever they are opened or closed.
avast! antivirus now also comes with a completely revamped user interface for easier scanning. avast! Pro antivirus offers a number of additional features, including a script shield and a process virtualization module, while avast! Internet Security comes with an antispam filter and built-in firewall. Once installed, avast! runs silently in the background to protect your computer against all known forms of malware. You don't need to do anything else - just install and forget!

4,613

Aug 09, 2018ALWIL Software

AVG AntiVirus Free Edition v18.8.4084.0
AVG AntiVirus Free Edition v18.8.4084.0
AVG Anti-Virus FREE Edition is the well-known anti-virus protection tool. AVG Anti-Virus FREE is available free-of-charge to home users for the life of the product! Rapid virus database updates are available for the lifetime of the product, thereby providing the high-level of detection capability that millions of users around the world trust to protect their computers. AVG Anti-Virus FREE is easy-to-use and will not slow your system down (low system resource requirements).
AVG Anti-Virus Free Edition is for private, non-commercial, single home computer use only. Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited. Your use of AVG Free Edition shall be in accordance with and is subject to the terms and conditions set forth in the AVG Free Edition License Agreement which accompanies AVG Free Edition.
Features:
Surf, and search with confidence, while LinkScanner® keeps you safe from harmful sites
Get online and offline protection from viruses, spyware, and other nasties
Enjoy consistently high-speed PC performance with our new enhanced virus scanner
Automatic updates keep your protection current
Compatible with Windows XP, Vista, and Windows 7
Protection against identity theft
AVG’s unique Identity Protection technology ensures that when you shop and bank online, your bank account information, passwords, and other important personally-identifiable information can’t be stolen. As a bonus, Identity Protection also keeps you safe against new and unknown threats before they can cause harm.
Protection from hackers
AVG’s enhanced firewall keeps hackers’ prying eyes out of your private business. These remote trespassers can view or steal information, take control of your computer for nefarious purposes like botnets and spamming. It even includes a game mode to keep you protected without interrupting your play.
Protection against spammers and scammers
AVG’s anti-spam protection makes sure your email inbox is kept clear of unwanted junk mail, offers for products you don’t want or need, ...

2,226

Dec 12, 2018AVG Technologies

AVG LinkScanner 2014.4335
AVG LinkScanner 2014.4335
Nowadays, there are far more threats out there than plain viruses. You have probably come across the term spyware as well, however, authors of malicious codes and dangerous websites are very innovative, and new kinds of threats emerge quite often, the vast majority of which are on the Internet. Here are some of the most common:
Exploit is a malicious code that takes advantage of a flaw or vulnerability in an operating system, Internet browser, or other essential program.
Social engineering is a common term for various techniques used to trick people into giving away their personal information (passwords, bank account details, credit card numbers etc.). A typical example of social engineering is phishing – an attempt to acquire sensitive personal data by shamming a trustworthy and well-known organization. Usually, the potential victims are contacted by a bulk e-mail asking them to e.g. update their bank account details. In order to do that, they are invited to follow the link provided which then leads to a fake website of the bank.
Scam can be also considered a kind of social engineering; it includes false job offers, or ones that will abuse the workers for illegal activities, summons to withdraw a large sum of money, fraudulent lotteries and the like.
Hoax is a bulk e-mail containing dangerous, alarming or just bothering and useless information. Many of the above threats use hoax e-mail messages to spread.
Finally, malicious websites are ones that deliberately install malicious software on your computer, and hacked sites do just the same, only these are legitimate websites that have been compromised into infecting visitors.
AVG LinkScanner is here to protect you from all these online threats.
AVG LinkScanner is up and running immediately from the moment of installation. All basic settings have been pre-set by the manufacturer, so most of the ...

4,028

Aug 09, 2018AVG Technologies

AVG Rescue CD (for CD creation) 120.160420
AVG Rescue CD (for CD creation) 120.160420
You’ have installed AVG protection to help ensure you don’t get infected servers or workstations. However, if the unthinkable has already occurred, you need the AVG Rescue CD; a powerful must-have toolkit to assist with the rescue and repair of infected machines. This software provides essential utilities for system administrators and other IT professionals and includes the following features:
A comprehensive administration toolkit
System recovery from virus and spyware infections
Adaptability for the recovery of both MS Windows and Linux operating systems (FAT32 and NTFS file systems)
Ability to perform a clean boot from a CD or USB stick
Free support and service for paid license holders of any AVG product
FAQ and Free Forum self-help online support for AVG Free users
What you get:
Key technologies
Anti-virus: protection against viruses, worms and Trojans
Anti-spyware: protection against spyware, adware and identity theft
Administration toolkit: system recovery tools
The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection. In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.
Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
Midnight Commander - a two-panel file manager
Windows Registry Editor– simple registry editor for more experienced users
TestDisk - powerful hard drive recovery tool
Ping - tests the availability of network resources (servers, domains, IP addresses)
Common Linux programs and services– vi text editor,
OpenSSH daemon, ntfsprogs etc.
Free of charge
The AVG Rescue CD is a free product that anyone can download. It ...

4,034

Aug 09, 2018AVG Technologies

AVG Rescue CD (for USB stick) 120.160420
AVG Rescue CD (for USB stick) 120.160420
You’ have installed AVG protection to help ensure you don’t get infected servers or workstations. However, if the unthinkable has already occurred, you need the AVG Rescue CD; a powerful must-have toolkit to assist with the rescue and repair of infected machines. This software provides essential utilities for system administrators and other IT professionals and includes the following features:
A comprehensive administration toolkit
System recovery from virus and spyware infections
Adaptability for the recovery of both MS Windows and Linux operating systems (FAT32 and NTFS file systems)
Ability to perform a clean boot from a CD or USB stick
Free support and service for paid license holders of any AVG product
FAQ and Free Forum self-help online support for AVG Free users
What you get:
Key technologies
Anti-virus: protection against viruses, worms and Trojans
Anti-spyware: protection against spyware, adware and identity theft
Administration toolkit: system recovery tools
The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection. In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.
Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
Midnight Commander - a two-panel file manager
Windows Registry Editor– simple registry editor for more experienced users
TestDisk - powerful hard drive recovery tool
Ping - tests the availability of network resources (servers, domains, IP addresses)
Common Linux programs and services– vi text editor,
OpenSSH daemon, ntfsprogs etc.
Free of charge
The AVG Rescue CD is a free product that anyone can download. It ...

4,063

Aug 09, 2018AVG Technologies

Avira Free Antivirus 15.0.36.137
Avira Free Antivirus 15.0.36.137
Avira AntiVir Personal FREE Antivirus was developed to be a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs such as viruses, Trojans, backdoor programs, hoaxes, worms, dialers etc. Monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected.
Avira AntiVir Personal is a comprehensive, easy to use antivirus program, designed to offer reliable free of charge virus protection to home-users, for personal use only, and is not for business or commercial use.
Avira AntiVir Personal gives you the following functions:
Control Center for monitoring, administering and controlling the entire program
Central configuration with user-friendly standard and advanced options and context-sensitive help
Scanner (On-Demand Scan) with profile-controlled and configurable search for all known types of virus and malware
Integration into the Windows Vista User Account Control allows you to carry out tasks requiring administrator rights
Guard (On-Access Scan) for continuous monitoring of all file access attempts
Integrated quarantine management to isolate and process suspicious files
Rootkit protection for detecting hidden malware installed in your computer system (rootkits) (Only for 32-bit systems)
Direct access to detailed information on the detected viruses and malware via the Internet
Simple and quick updates to the program, virus definitions, and search engine through Single File Update and incremental VDF updates via a webserver on the Internet
Integrated Scheduler to plan one-off or recurring tasks, such as updates or test runs
Very high rates of virus and malware detection using innovative search technologies (search engines) and heuristic search processes
Detection of all common archive types, including detection of nested archives and smart extensions
High-performance multithreading function (simultaneous high-speed scanning of multiple files)
Features:
AntiVir protection against viruses, worms and Trojans AntiDialer protection against expensive dialers
AntiRootkit protection against hidden rootkits
Faster Scanning up to 20% faster
AntiPhishing protection against phishing
AntiSpyware protection against spyware and adware NetbookSupport for ...

4,550

Aug 09, 2018Avira

Avira Rescue System 2016.09.14
Avira Rescue System 2016.09.14
The Avira Rescue System scans and repairs malware-infected computers that no longer boot or are generally unresponsive. Running on both Windows and Linux operating systems, our integrated scan and repair Wizard is highly intuitive and easy to use. Are you concerned about recovering data from your system? If so, the Avira Rescue System is the ideal tool for you. And if for some reason you need outside assistance, the Rescue System can establish a remote desktop connection with Avira Support. The Avira Rescue System is updated daily so that the most recent security updates are always available. To use the Rescue System burn it to a CD or copy it to a bootable USB stick and then boot your system from that CD or USB stick.
Booting Avira Rescue System from a USB Stick
Avira offers the product Avira Rescue System, which can be used to start, scan and repair a computer.
The product needs to be downloaded and burned on a CD, in order to boot from it..
However, there are Netbooks without an optical drive. In this case, it is recommended to use therefor a re-writable medium (e.g. USB stick).
How to start the Avira Rescue System from a USB stick, will be explained in the following steps:
Download the Avira Rescue System as ISO file
Download the program Unetbootin
Plug in the USB stick and format it as FAT32
Doubleclick the downloaded "unetbootin.exe" file
Select the options "Diskimage", "ISO" and the "rescue-system.iso" file you have downloaded
The USB drive should be selected under "Type" and make sure, that the correct USB stick is selected, under "Drive"
Press OK. The files are copied and the bootable USB is created.
Now you ...

2,197

Aug 09, 2018 Avira

BGPKiller - Your Avira Ad Killer 0.96
BGPKiller - Your Avira Ad Killer 0.96
BGPKiller is an ad killer (or blocker) for your Avira Antivir antivirus.
The application is designed to stop popup windows (i.e. ads) coming from Avira. It monitors the unwanted Avira processes responsible for ads, and silently kills Avira popups and ads before they show up. BGPKiller runs alongside Avira Free Antivirus, in your System Tray, and tells you each time it kills!
The benefits of this utility are :
No more Avira ad windows popping up (never!)
No CPU usage coming from Avira ad processes
And the best thing about it, ... it is free!
Why such a utility?
The Avira Free antivirus (Free edition) is known for its very good virus detection rate and reliability. This is one of the best antivirus on the market. However, it is also known for its annoying popup ads. But because this is such a good antivirus, these ads were usually tolerated by their users.
However, in late 2014, a new bug made these ads even more unbearable : the CPU usage often reached 100% after an ad was displayed! And closing the Avira ad window was not enough. The only way to stop this high CPU usage was to manually kill the problematic ad processes or reboot the computer. If you didn't, your CPU could overheat to the point to affect your computer's longevity. This was obviously a very serious bug!
So I decided to write this small utility to monitor and kill all unwanted Avira ads. This way, I solved this bug and made sure my CPU would not overheat because of Avira ads. But as an added benefit, I realized how great it was to never see Avira ads anymore!!
No more ad windows popping up; no more ...

1,600

Aug 09, 2018AviraJoe

Bitdefender Adware Removal Tool 1.1.8.1668
Bitdefender Adware Removal Tool 1.1.8.1668
Bitdefender Adware Removal Tool for PC frees your computer from annoying adware, malicious hijacker programs, unwanted toolbars and other browser add-ons installed with or without your consent.
How it works
It scans your computer for adware, and produces a list of apps marked for removal. You will be able to choose what to keep on your computer.
Step 1
Download and install the tool on your computer.
Step 2
The tool scans your computer for adware.
Step 3
You can review the list of applications to be removed, and select those applications you want to remove.
Step 4
The tool removes unwanted adware.
Completely free
You don’t need expensive solutions to get rid of shady adware. Bitdefender Adware Removal Tool for PC will eliminate all the clutter at zero cost.
Identify shady adware installed on your PC
It’s not always easy to localize all the junk apps your computer might have picked up on the web. Adware Removal Tool for PC will find all the adware you need to erase.
Get rid of annoying ads that slow down your computer
Adware apps slow you down and try to trick you into clicking on dubious links. Bitdefender Adware Removal Tool for PC eliminates the source of those annoying ads and lets you enjoy your computer without frustrating interruptions.

Bitdefender Anti-Ransomware 1.0.12.151
Bitdefender Anti-Ransomware 1.0.12.151
Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.
“The new tool is an outgrowth of the Cryptowall vaccine program, in a way.” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”
A study conducted by Bitdefender in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim’s perspective on data loss through crypto-ransomware:
50% of users can’t accurately identify ransomware as a type of threat that prevents or limits access to computer data.
Half of victims are willing to pay up to $500 to recover encrypted data.
Personal documents rank first among user priorities.
UK consumers would pay most to retrieve files
US users are the main target for ransomware.

1,750

Aug 09, 2018BitDefender Labs

BitDefender Antivirus Free Edition 1.0.10.15
BitDefender Antivirus Free Edition 1.0.10.15
Powerful protection, the light way.
We make the Internet safe for you
We got your back. You can be sure all threats are taken care of when you browse the web.
We use advanced technologies such as machine learning to protect you from phishing and other types
of fraudulent content.
Live your digital life at full speed
We know speed and performance are vital, so we engineered our free antivirus solution
to be light on system resources. Our product learns how you use your
computer so it avoids slowdowns when scanning files for malware.
Full Features List
Virus Scanning and Removal
On-demand &amp; on-access scanning - powerful scan engines ensure detection and removal of all viruses..
Ultra-fast Scanning
With SmartScan, Bitdefender Antivirus Free Edition 2016 learns how you use your computer so it avoids slowing you down when scanning files for malware.
Improve the performance of your device
The innovative Photon technology optimizes scanning processes in relation to your PC configuration so speed and performance remain unaffected.
System Requirements
- Operating system: Windows 7 Service Pack 1, Windows 8, Windows 8.1, Windows 10
- Hard disk space: 2 GB available free hard disk space (at least 800 MB on the system drive)
- Intel CORE Duo (2 GHz) or equivalent processor
- Software requirements: Internet Explorer 10 or higher

4,443

Aug 09, 2018BitDefender Labs

Bitdefender Home Scanner 1.0
Bitdefender Home Scanner 1.0
Scan for weaknesses and hidden backdoors into your home
Bitdefender Home Scanner is a free tool that scans your Wi-Fi network, maps devices and identifies and highlights network security flaws. Bitdefender Home Scanner looks for weak passwords, as well as vulnerable or poorly encrypted communications. It correlates the information gathered from your connected devices with online vulnerability databases and gives you a thorough report so you can ensure maximum security for your network.
Map your home network
Scan open ports in the network
Wi-Fi scanner: identify all connected devices and security risks
Complementary to and compatible with all existing security tools
Why use Bitdefender Home Scanner
New software vulnerabilities are being discovered in many smart devices every day, and hackers are taking advantage of these security flaws to target homes and businesses. It is time to start thinking about the security of your smart devices.
Recently, a mom who had installed a smart surveillance system in her home discovered that someone had hacked into a webcam and live-streamed her daughters’ room on the Internet.
There have been numerous reports about light bulbs being hacked. In one case, a security company demonstrated that unauthorized persons could hack into a home network by posing as a new light bulb joining the system. This way the other light bulbs were tricked into giving away the username and password for the network.
Moreover, hackers can take advantage of vulnerabilities to take control of vast numbers of smart devices and use them to launch massive attacks against commercial and government websites.
Technical Details
Minimum system requirements:
Windows 7 SP 1, 8, 8.1, 10
CPU: Dual Core 1.6 GHz
RAM: 1 GB
HDD: 300 MB
Recommended system requirements:
Windows 7 SP ...

703

Aug 09, 2018BitDefender Labs

Bitdefender Ransomware Recognition Tool 1.0.0.2
Bitdefender Ransomware Recognition Tool 1.0.0.2
A tool to help ransomware victims find which family and sub-version of ransomware has encrypted their data and then get the appropriate decryption tool, if it exists.
Ransomware has grabbed the headlines ever since 2014. While most ransomware attacks can’t be defeated, Bitdefender constantly creates and updates ransomware decryption tools for families that have either vulnerable encryption algorithms or for which a master decryption key has been leaked.
This tool analyzes both the ransom note and the encrypted file samples to identify the strain of ransomware and suggest a decryption tool for the identified family, if such a tool is available.
Step 1
Download the BRR tool and save it somewhere on your computer. The latest version is always available here.
This tool requires an active internet connection.
Step 2
Run the BDRansomRecognitionTool.exe and allow it to execute if prompted by an UAC alert.
Step 3
Read and agree to the End User License Agreement
Step 4
The application has two fields to fill in:
Choose the path to the ransom note file or the path to a folder containing encrypted files. You can choose either option, but the tool needs at least one of the pieces of information to detect which strain of ransomware has encrypted your information. If none of the fields are filled in, you cannot proceed any further
Step 5
Press Scan. The application gives a warning if the ransom-note path is not filled in, as the detection accuracy is slightly lower in this case.
The content of the ransom note is submitted for analysis to Bitdefender cloud. If the user provides any encrypted file, NO file content will be submitted to our cloud, as the tool only analyzes the filename and its extension.
If the ransomware family cannot be identified, the user is informed about this. In some cases, multiple families of ransomware display similar features. ...

678

Aug 09, 2018BitDefender Labs

Bitdefender Rootkit Remover 32bit 3.0.2.1
Bitdefender Rootkit Remover 32bit 3.0.2.1
The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although a reboot may be required for complete cleanup).
Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing). Please note that the list is a bit outdated - new rootkit families are added as they become known.

3,581

Aug 09, 2018BitDefender Labs

Bitdefender Rootkit Remover 64bit 3.0.2.1
Bitdefender Rootkit Remover 64bit 3.0.2.1
The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although a reboot may be required for complete cleanup).
Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing). Please note that the list is a bit outdated - new rootkit families are added as they become known.

3,679

Aug 09, 2018BitDefender Labs

Check Browsers' LNK 2.2.0.24
Check Browsers' LNK 2.2.0.24
Check Browsers' LNK checks usual (*.LNK) and the Internet (*.URL) shortcuts to detect harmful links aimed to show undesirable ads in browsers.
Usage:
1) Disable temporarily your antivirus.
2) Run the file Check Browsers LNK.exe 3) Wait the completing of the work…*
After scanning, the folder “LOG” will be opened near the program and the report Check_Browsers_LNK.log that is to be placed in the theme of helping you.
Some prefixes description:
>>> - shortcuts recommended to be cured. When drag &amp; drop the log to program ClearLNK, they will be cured automatically.
- (minus) - shortcuts that will be excluded from the list of ClearLNK program handling. If you need to cure some of them, just copy line to the main window of ClearLNK and press 'Cure'.
!!! – files needed special attention
The developers:
- Pol’shyn Stanislav (Alex Dragokas)
- regist
Translations maded by:
English: Ganna Khatser.
French: Fr33tux (fr33tux.org).
German: Natalia Ishyna.
Changelog:
2.2.0.24 · Check Browsers LNK
2.2.0.24 Method of folder tree creation while finding shortcuts has been changed (more demanding to CPU, less to HDD). File reading function has been improved. Obtaining environment variables has been improved. Some analysis rules has been changed. Some errors has been fixed.

714

Aug 09, 2018Alex Dragokas

ClamWin Antivirus Portable 0.99.1
ClamWin Antivirus Portable 0.99.1
Portable ClamWin is a portable app, so you can take your antivirus with you to scan files on the go.
ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge.
Features:
High detection rates for viruses and spyware;
Scanning Scheduler;
Automatic downloads of regularly updated Virus Database.
Standalone virus scanner and right-click menu integration to Microsoft Windows Explorer;
Addin to Microsoft Outlook to remove virus-infected attachments automatically.
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit https://www.gnu.org/philosophy/

2,040

Aug 09, 2018Portable Apps

ClamWin Free Antivirus 0.99.1
ClamWin Free Antivirus 0.99.1
ClamWin is a Free Antivirus program for Microsoft Windows 10 / 8 / 7 / Vista / XP / Me / 2000 / 98 and Windows Server 2012, 2008 and 2003.
ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge. It features:
High detection rates for viruses and spyware;
Scanning Scheduler;
Automatic downloads of regularly updated Virus Database.
Standalone virus scanner and right-click menu integration to Microsoft Windows Explorer;
Addin to Microsoft Outlook to remove virus-infected attachments automatically.
The latest version of Clamwin Free Antivirus is 0.99.1
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Project - Free Software Foundation.

4,114

Aug 09, 2018ClamWin Free Antivirus

Combofix 18.8.8.1 (date issue fixed)
Combofix 18.8.8.1 (date issue fixed)
ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.

6,150

Nov 15, 2018sUBs

CryptoPrevent 8.0.4.3
CryptoPrevent 8.0.4.3
CryptoPrevent is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, 8.1, and 10) to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.
YES, this is the original CryptoLocker prevention tool you’ve read about, designed to prevent infection from the first “ransomware” threat which emerged in late 2013, encrypting valuable data on the infected PC and offering decryption in exchange for large payment. Within a few months of it’s release it created quite a buzz with features from Brian Krebs security blog (among many others) and by educators everywhere such as Kim Komando, Ken Dwight ‘The Virus Doctor’, the infamous Britec09 on Youtube, and ultimately reaching televised news such as CNBC and The Today Show.
We are proud to announce the release of CryptoPrevent Version 8!
We’ve re-written CryptoPrevent from the ground up, incorporating new features to bring you the latest protections from crypto-style ransomware and all other forms of malware!
New Features in v8 (Free and Premium Editions)
New: Folder Watch – Monitors and protects common folders from items that match malware definitions.
New: Submit Malicious Files – This will allow you to submit malicious files (which are not in our malware definitions) to review for inclusion in the default definitions.
Improved: Program Filtering Protection – The original ‘BETA’ program filtering protections were very effective, but caused issues with running certain programs; now it offers vastly improved reliability as it is based on the new code platform of the coming 3rd generation ‘d7x’ PC technician utilities, it is thoroughly tested, and recommended for mass usage!
Improved: SRP Protection – The original protection method since CryptoPrevent version 1 was automatically created “SRP” rules (aka “Software Restriction Policies” which are normally only available in “Professional” editions ...

3,596

Aug 09, 2018FoolishTech

Crystal Security (PORTABLE) 3.7.0.20
Crystal Security (PORTABLE) 3.7.0.20
Crystal Security is a cloud-based system that detects and removes malicious programs (malware) from your computer. Its technology provides fast detection against malware and lets you know about the changes on your computer in real time.
Anti-Malware
Crystal Security is an easy to use application that was created in order to help you quickly detect and remove malware that might affect your computer.
Cloud Based
The cloud based Crystal Security gathers data from millions of participating users systems around the world to help defend you from the very latest viruses and malware attacks.
Freeware
Cloud based malware detection, easy to use, user-friendly interface, automatic/manual updates, no installations, supports multiple languages and many other features.
Compatibility
Microsoft Windows Vista,
7, 8, 8.1, 10, Server 2008, 2012
32/64-bit
Requires .NET Framework 4.5
October 27th, 2017
Crystal Security 3.7.0.20 - What's new
Improved Checkup structure (settings).

1,813

Aug 09, 2018Kardo Kristal

Crystal Security 3.7.0.20
Crystal Security 3.7.0.20
Crystal Security is a cloud-based system that detects and removes malicious programs (malware) from your computer. Its technology provides fast detection against malware and lets you know about the changes on your computer in real time.
Anti-Malware
Crystal Security is an easy to use application that was created in order to help you quickly detect and remove malware that might affect your computer.
Cloud Based
The cloud based Crystal Security gathers data from millions of participating users systems around the world to help defend you from the very latest viruses and malware attacks.
Freeware
Cloud based malware detection, easy to use, user-friendly interface, automatic/manual updates, no installations, supports multiple languages and many other features.
Compatibility
Microsoft Windows Vista,
7, 8, 8.1, 10, Server 2008, 2012
32/64-bit
Requires .NET Framework 4.5
October 27th, 2017
Crystal Security 3.7.0.20 - What's new
Improved Checkup structure (settings).

1,763

Aug 09, 2018Kardo Kristal

Cybereason RansomFree 2.4.2.0
Cybereason RansomFree 2.4.2.0
Keep your important files safe from ransomware
RansomFree protects computers and servers running Windows.
The only free tool that stops 99% of ransomware strains, including never-before-seen types.
Simple installation, immediate protection
Download and install RansomFree in less than 5 minutes, by following our simple step-by-step installation wizard.
Eliminating Cyber Crime
Cybereason’s mission is to put an end to cyber crime. And in order to put an end to one of the most profitable cyber operations of the recent years – ransomware – we have to make it unprofitable for the criminals. That’s why we are launching RansomFree: free, easy-to-install ransomware protection software, available for download for every individual and business that lacks the budget and skills to fight back.
About Cybereason
Cybereason is a company of elite, former military cyber-security experts. Our deep experience in offensive cyber operations helped us build military-grade technologies that enable companies to stop attacks in real time.
Cybereason raised over 90 million dollars from investors like Lockheed Martin and the Japanese telecommunication giant Softbank. The company and its technology were featured in Fortune and Forbes.
https://s3.amazonaws.com/ransomfree-cybereason/Ransomfree.mp4?_=1

875

Dec 20, 2017Cybereason

DDS
DDS
DDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in security forums to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow experts to quickly ascertain whether or not malware may be running on your computer.
To use DDS, simply download the executable and save it to your desktop or other location on your computer. You should then double-click on the DDS.com icon to launch the program. DDS will then start to scan your computer and compile the information found into two log files. When DDS has finished it will launch the two Notepad windows that display the contents of these log files. The contents of these log files can then be attached to a reply in virus removal forums so that an expert can analyze them.

1,575

Jan 20, 2017sUBs

Defender Control 1.3
Defender Control 1.3
Easily disable/enable Windows Defender in Windows.
Since Vista,Windows Defender is included with Windows . It’s a small piece of software that runs in the background to help protect ,your computer from malware (malicious software) like viruses, spyware, and other potentially unwanted software. Some spyware protection is better than none, and it’s built in and free! But… if you are already running something that provides great anti-malware protection, defender will probably wasting precious resources , there’s no need to have more than one application running at a time.
The problem with all Defender versions in Windows Vista and above is it’s integrated into the operating system and installs by default with no visible or hidden option to uninstall. Many people are looking for ways to disable or remove it from their system as they prefer to use other software , for example on Windows 8 and 10 you cannot turn off Windows Defender completely anymore , A click on Settings in Windows Defender opens the control panel for the program in the new Windows Settings application. You can turn the program’s real-time protection off temporarily, but if it’s off for a while Windows will turn it back on automatically. It is unclear why Microsoft made the decision to change the behavior of Windows Defender in this regard. What is certain however is that it will annoy users who want to disable it permanently on the computer they are working on. Defender Control is a small Portable freeware which will allow you to disable Windows Defender in Windows 10 completely.
Why should you use it :
1. During copying big data from Pc to Usb or vice versa , disabling defender can decrease the Total Copy time
2. Users may experiencing conflicts between Defender and their antivirus application
3. Some antivirus programs ask the user ...

704

Jul 30, 2018Sordum.org

Defender Injector v1.0
Defender Injector v1.0
Regardless of whether you choose Windows Defender Antivirus, or, a third-party antivirus solution you need to be sure these products are not scanning critical File and folders because Occasionally Microsoft Security Essentials or Windows Defender cause problems with some Files and folders. Typical issues include slow performance , deleting some necessary files or erratic operation. To work around these problems you can add the this kind of files and folders to the list of exceptions.
In Windows 10 , there is a new app called Windows Defender Security Center . The app, formerly known as “Windows Defender Dashboard”, has been created to help the user control his security and privacy settings. You can add any trusted file, file type, folder, or a process to the exclusions list with the following steps ;
1. Open settings Application
2. Choose Update and security
3. Open Windows Defender Security Center
4. Select Virus and threat protection
5. Click Virus and threat protection settings
6. Click Add or remove exclusions
7. Under Add an exclusion, select the files, folders, file types, or process.
As you see adding exceptions manually through the graphical user interface would be time consuming, tedious and, prone to human error therefore we have coded a portable Freeware to simplify the whole process.
How to use Defender Injector
After downloading, extract the zip file to your desired location, then double click the “dInjector.exe” file . To Add an exclusion to Windows Defender list , just drag and drop any file or Folder on the software GUI , you can also use File or folder buttons
To remove listed file or folder whether you can select the item on the list and use remove button (Trash can) or you can right click on it and choose “Delete selected” feature
You can also Add defender Exclusions feature to your context menu , to ...

474

May 22, 2018Sordum.org

Emsisoft Emergency Kit 2018.6.0.8742
Emsisoft Emergency Kit 2018.6.0.8742
The Emsisoft Emergency Kit contains a collection of programs that can be used without software installation to scan for malware and clean infected computers: Emsisoft Emergency Kit Scanner and Emsisoft Commandline Scanner.
Emsisoft Emergency Kit Scanner
The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malicious programs.
Emsisoft Commandline Scanner
This scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and is perfect for batch jobs.
To run the Emsisoft Commandline Scanner, perform the following actions:
- Open a command prompt window (Run: cmd.exe)
- Switch to the drive of the USB Stick (e.g.: f:), then to the folder of the executable files (e.g.: cd run)
- Run the scanner by typing: a2cmd.exe
Next you will see a help page describing all available parameters.
The following parameter is an example of scanning drive c:\ with Memory, Traces (Registry) scan enabled, and archive support active. Detected Malware is moved to quarantine.
a2cmd.exe /f="c:\" /m /t /a /q="c:\quarantine\"
Emsisoft Emergency Kit is free for private use.
Will it run on my PC?
Unless you have a rather outdated PC from the late 90s, the answer is most likely yes, assuming that you’re using Windows 7, 8 or 10 - with the latest service pack installed. All features are fully functional on x64 systems too. While running, Emsisoft Emergency Kit uses about 200 MB of your RAM which is quite low considering the 10 million signatures that it must load. If your PC has at least 1 GB of RAM, this will be perfect.
Version 2018.6.0.8742 — Released: 07/02/2018
For Windows 7/8.1/10, 32 &amp; 64 bit

EOPRadar 1.08
EOPRadar 1.08
Use this new tool to check your system for several classes of privilege escalation vulnerabilities.
Useful in pentesting engagements, OS image hardening, SRP/AppLocker testing.
Win 7 and above. x64 only
Quick start
1. Note that the tool must be launched as a standard user account (SUA) - not an administrator.
2. Launch the application and click Scan.
3. In the scan results, a warning (yellow) indicates a writable process path, while an alert (red) indicates a critical EOP vulnerability, which would allow any standard user to elevate privileges to administrator. Any findings in red should be taken very seriously, especially in a AD domain environment.
4. Based on the results, review and fix your NTFS permissions for the affected processes. Remember, SUA-writable paths should not be executable, and vice versa.

195

Sep 27, 2018FS1

ESET EternalBlue Checker 1.0.0.1
ESET EternalBlue Checker 1.0.0.1
ESET has released a free tool to help determine whether your Windows machine is patched against EternalBlue.
If the tool finds a vulnerability in your system due to missing Microsoft patches, Your computer is vulnerable will be displayed.
Press any key to open the Microsoft Windows update page. Click Microsoft Update Catalog in Method 2: Microsoft update Catalog section.
On the Microsoft Update Catalog page, find your operating system in the Products column and click the Download button next to your system.
Click the link in the Download window to download the security update for your system.
After the security update has been installed, restart your computer.
After the computer has restarted, run ESETEternalBlueChecker.exe again to verify that the security update installed correctly and your system is no longer at risk. If the security update was installed correctly, Your computer is safe, Microsoft security update is already installed will be displayed.
Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources.
Regularly back up your data. In the event of infection, this will help you recover all data. Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.
Disable or restrict Remote Desktop Protocol (RDP) access
Disable macros in Microsoft Office.
If you are using Windows XP, disable SMBv1.

700

May 22, 2017ESET

ESET SysRescue Live 1.0.16.0
ESET SysRescue Live 1.0.16.0
A malware cleaning tool that runs independent of the operating system from a CD, DVD, or a USB. It has direct access to the disk and the file system, and therefore is capable of removing the most persistent threats.
Click here for instructions on making a USB drive or CD/DVD.
Supported Systems
Microsoft Windows® 10, 8.1 , 8, 7, Vista, XP, 2000
Microsoft Windows Server , 2012, 2012 R2, 2008 (x86 and x64), 2008 R2, 2003 (x86 and x64), 2000
Microsoft Small Business Server 2011, 2008, 2003

104

Nov 06, 2018ESET

ESET TeslaCrypt Decryptor 1.1.0.1
ESET TeslaCrypt Decryptor 1.1.0.1
ESET® released a decryptor for recent variants of the TeslaCrypt ransomware. If you have been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt and the encrypted files have the extensions .xxx, .ttt, .micro, .mp3 or remained unchanged, then ESET has good news for you.
Recently, TeslaCrypt’s operators have announced they are wrapping up their malicious activities. On this occasion, one of ESET’s analysts anonymously contacted the group, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators and requested the universal master decryption key.
Surprisingly, they made it public.
This has allowed ESET to promptly create a free decrypting tool capable of unlocking files affected by all variants of this ransomware.
How do I clean a TeslaCrypt infection using the ESET TeslaCrypt decrypter?
Issue
Your personal files became encrypted and the following information may be displayed in your computer, or in a .txt, .html or .png file
Your ESET product detects the infection Win32/Filecoder.TeslaCrypt
How to decrypt your files using the ESETTeslaCryptDecryptor.exe tool
Solution
Download the ESETTeslaCryptDecryptor.exe tool and save the file to your Desktop.
Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username–type the command ...

1,091

May 31, 2016ESET

Eternal Blues 0.0.0.8
Eternal Blues 0.0.0.8
Eternal Blues is a free EternalBlue vulnerability scanner. It helps finding the blind spots in your network, these endpoints that are still vulnerable to EternalBlue.
Just hit the SCAN button and you will immediately start to get which of your computers are vulnerable and which aren’t. That’s it.
If you wish, you can switch networks, or edit your own (yeah, you can also scan the world wide web if you wish). Please use it for good cause only. We have enough bad guys already…
Was this tool tested in real networks?
Oh yeah. Obviously I cannot say which, but with almost every network I connected to, there were a few vulnerable computers.
IMPORTANT: It does *not* exploit the vulnerability, but just checks whether it is exploitable.
Yet another vulnerability scanner?
There are many vulnerability scanners out there. So… why did I create another? Mainly for the ease of use. The majority of latest WannaCry, NoPetya (Petya, GoldenEye or whatever) victims, are not technical organizations and sometimes just small business who don’t have a security team, or even just an IT team to help them mitigate this. Running NMap, Metasploit (not to mention more commercial products) is something they will never do. I aimed to create a simple ‘one-button’ tool that tells you one thing and one thing only – which systems are vulnerable in your network.
Tips
If you’re about to run it in your working environment, please update the IT/Security team in advance. You don’t want to cause (IDS/IPS/AV) false alarms
If vulnerable systems were found – please take a Windows update asap
For God’s sake, please disable SMBv1 already. Whether your systems are patched or not. This protocol was written over 3 decades ago…!
If you would like to enjoy the ...

693

Jul 17, 2017Omerez

Farbar Recovery Scan Tool 32bit 08.11.2018
Farbar Recovery Scan Tool 32bit 08.11.2018
Farbar Recovery Scan Tool, or FRST, is a portable application designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 in normal or safe mode to diagnose malware issues. It is also possible to run FRST in the Windows Recovery Environment in order to diagnose and fix boot issues.
If you are using Windows XP and have boot issue, the system should boot to the Recovery Environment using a PE Boot CD and then you can run FRST
This program will display detailed information about the Windows Registry loading points, services, driver services, Netsvcs entries, known DLLs, drives, and partition specifications. It will also list some important system files that could be patched by malware.
Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, you may try both of them. Only one of them will run on your system.

2,355

Nov 09, 2018Farbar

Farbar Recovery Scan Tool 64bit 08.11.2018
Farbar Recovery Scan Tool 64bit 08.11.2018
Farbar Recovery Scan Tool, or FRST, is a portable application designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 in normal or safe mode to diagnose malware issues. It is also possible to run FRST in the Windows Recovery Environment in order to diagnose and fix boot issues.
If you are using Windows XP and have boot issue, the system should boot to the Recovery Environment using a PE Boot CD and then you can run FRST
This program will display detailed information about the Windows Registry loading points, services, driver services, Netsvcs entries, known DLLs, drives, and partition specifications. It will also list some important system files that could be patched by malware.
Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, you may try both of them. Only one of them will run on your system.

2,588

Nov 09, 2018Farbar

FileASSASSIN 1.06
FileASSASSIN 1.06
FileASSASSIN can eradicate any type of locked files from your computer.
If you use a computer, you've probably come across at least one of the following messages:
Cannot delete file: Access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use
The source or destination file may be in use
The file is in use by another program or user
These messages commonly appear when you're trying to delete files deposited by a malware infection, though occasionally a file just goes on lockdown. Whatever the reason for the file, FileASSASSIN can remove it
Advanced programming techniques unload modules, close remote handles, and terminate processes in order to remove the particular locked file.
Warning: Please use caution with FileASSASSIN as deleting critical system files may cause system errors.
Usage
Start FileASSASSIN and select a file by dragging it onto the text area or selecting it using the (...) button.
Select a removal method from the list
Click Execute and the removal process will commence

4,416

Nov 12, 2016Malwarebytes

FreeFixer 1.17
FreeFixer 1.17
FreeFixer is a general purpose removal tool which will help you to delete potentially unwanted software, such as adware, spyware, trojans, viruses and worms. FreeFixer works by scanning a large number of locations where unwanted software has a known record of appearing or leaving traces. The scan locations include the programs that run on your computer, the programs that starts when you reboot your computer, your browser's plug-ins, your home page setting, etc.
FreeFixer does not know what is unwanted, so it presents the scan result and it's up to you decide if some file should be removed and if some settings should restored to their default value. Please be careful! If you delete a legitimate file you may damage your computer. To assist you when determining if anything should be removed you can find more information at FreeFixer's web site for each item in the scan result. You can for example see what other users chose to do in the same situation. You can also save log file of your scan result and consult the volunteers in one of the FreeFixer helper forums.
Release Notes
What's New in FreeFixer 1.17
FreeFixer will now also list UDP Listening Ports on the machine.
FreeFixer now sends the port number, protocol identifier and (TCP/UDP) and version (4/6) to the FreeFixer web site when clicking on the more information links shown in the TCP/IP Listening Ports scan result.
Added the following ports to the list of known ports: 123 (ntp), 138 (netbios-dgm) and 500 (isakmp).

GIGABYTE Intel ME Critical FW Update Utility B17.1218.1
GIGABYTE Intel ME Critical FW Update Utility B17.1218.1
GIGABYTE TECHNOLOGY Co. Ltd, a leading manufacturer of motherboards and graphics cards, has implemented safety measures aligned with Intel®’s response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities, so customers can be reassured their motherboards are fully protected. For all customers who have purchased GIGABYTE motherboards for Intel platforms, please visit the official website to download the latest BIOS versions as well as ME and TXE drivers.
The updates for the motherboards will be released starting with the Z370, 200 and 100 series and then previous generation motherboards. GIGABYTE has released a safety update for the user’s convenience. The GIGABYTE Intel ME Critical FW Update Utility on the GIGABYTE website will automatically detect the system's ME version and update it to the latest version.

702

Jan 05, 2018Gigabyte

GMER 2.2.19882
GMER 2.2.19882
GMER is an application that detects and removes rootkits .
It scans for:
hidden processes
hidden threads
hidden modules
hidden services
hidden files
hidden disk sectors (MBR)
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
inline hooks
GMER runs on Windows XP/VISTA/7/8/10
Version History:
This is list of changes for each release of GMER:
2.2
- Added support for Windows 10
- Improved files &amp; disk scanning
FAQ
Frequently Asked Questions
Question: Do I have a rootkit?
Answer: You can scan the system for rootkits using GMER. Run gmer.exe, select Rootkit tab and click the "Scan" button.
If you don't know how to interpret the output, please Save the log and send it to my email address.
Warning ! Please, do not select the "Show all" checkbox during the scan.
Question: How to create "3rd party" log ?
Answer: Tick "3rd party" option and then click the "Scan" button. After the scan you can use "Remove signed" and "Remove duplicates" options to filter the scan results.
Question: How to install the GMER software ?
Answer: Just run gmer.exe. All required files will be copied to the system during the first lanuch.
Question: How to uninstall/remove the GMER software from my machine ?
Answer: Just delete the exe file.
Question: My computer is infected and GMER won't start:
Answer: Try to rename gmer.exe to iexplore.exe and then run it.
Question: How do I remove the Rustock rootkit ?
Answer: When GMER detects hidden service click "Delete the service" and answer YES to all questions.
Question: How do I show all NTFS Streams ?
Answer: On the "Rootkit Tab" select only: Files + ADS + Show all options and then click the Scan button.
Question: Can I launch GMER in Safe Mode ?
Answer: Yes, you can launch GMER in Safe Mode, however rootkits which don't work in Safe Mode won't be detected.
Question: I am confused as to use delete or disable the hidden "service".
Answer: Sometimes "delete ...

4,575

Dec 02, 2016Gmer

Hashing v2.1
Hashing v2.1
Simple utility to calculate and compare hashes of multiple files
Features:
MD5, SHA1, SHA256, SHA384, SHA512, CRC32 and RIPEMD160 algorithms supported
Choose which hashes you want to calculate
Compare and group identical files together
Compare multiple files against hash sums
Open in VirusTotal (works only SHA256)
Drag n' drop any number of files and folder
Option to save hashes in JSON files
Option for analyzing JSON files
Option for lower character casing
Option for decimal CRC32
Process high priority support
Tray icon support
Option to stay always on top
Single-instance support
Compatibility:
.NET Framework 4.5.2
Compatible with Windows 7, 8, 8.1, 10
Does not work with Windows XP or Vista

52

Nov 26, 2018hellzerg

HijackThis 2.0.5
HijackThis 2.0.5
HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.
IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.
Advanced users can use HijackThis to remove unwanted settings or files.

4,394

Sep 22, 2016TrendMicro

Immunet FREE Antivirus 6
Immunet FREE Antivirus 6
Immunet® is a malware and antivirus protection system that utilizes cloud computing to provide enhanced community-based security. Join the Immunet Community today and help make the internet safer for everyone.
Immunet utilizes cloud computing to keep your security always up-to-date against the latest malware including viruses, spyware, bots, worms, trojans, and keyloggers. You'll never be bothered to download detection updates to your computer.
Features
Fast, Real-time Online Protection with the Immunet Cloud
Community-level Protection
Basic Detection and Removal of bots, viruses, worms, trojans, keyloggers, and spyware.
Basic Network Scanning including Quick Scan, On-Demand Scan, and On-Access Scan
File Management &amp; Protection: Scan Individual Files, Exclude Files, Scan Compressed Files, Quarantine Infected Files
Clear documentation with History &amp; Report Logging
Community Forums
Compatible with existing antivirus software for an extra layer of protection.
Immunet Community
Protect your friends and family by inviting them to join the free Immunet Community. Each additional community member bolsters Immunet's data analysis to provide the most up-to-date and comprehensive protection. If one community member comes into contact with a virus or malware, Immunet will automatically add that protection to the rest of the community. Invite your friends and family to join the Immunet Community and be better protected today!
System Requirements
Immunet is generally compatible with Windows operating systems. See list below to see if your operating system has been specifically tested with Immunet. Immunet 6 supports both 32-bit and 64-bit versions of these operating systems. Additionally, Immunet requires an active internet connection to maintain the most up-to-date threat detection.
Microsoft Windows 7
1 GHz or faster processor
1 GB RAM
150 MB ...

3,267

Jan 22, 2018Immunet

InSpectre v8
InSpectre v8
Easily examine and understand any Windows
system's hardware and software capability to
prevent Meltdown and Spectre attacks.
“InSpectre” is an easy to use &amp; understand utility designed to clarify
the many overlapping and confusing aspects of any Windows
system's ability to prevent the Meltdown and Spectre attacks.
As the application's textual display says...
In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.
Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
Release History
Release #8 — Now shows whether an Intel microcode patch is (ever) available for Spectre.
Intel has finished designing microcode update patches for its processors. On April 2nd, 2018, they announced that processors that have not yet been patches will never be patched. Their full statement is available in this PDF document. In that document, Intel specifies which of their many processors do have patches and which of their more recent processors will never receive updated firmware. Now that the industry has this information, this 8th release of InSpectre incorporates that list of CPUIDs and displays whether microcode firmware updates exist for the system's Intel CPU.
BOGUS “SmartScreen” ...

706

Apr 13, 2018Gibson Research Corporation

Junkware Removal Tool 8.1.4
Junkware Removal Tool 8.1.4
Scrubs out the bad, keeps the good
Is your PC running slow? It could be infected with potentially unwanted programs (PUPs), adware, or other junkware. Junkware Removal Tool (JRT) by Malwarebytes sweeps up and removes all traces of irritating hitchhikers.
How it works for you
Removes adware that spawn popup ads, such as Conduit
Uninstalls unwanted toolbars and browser helper objects, including the Ask and Babylon toolbars
Removes potentially unwanted programs (PUPs)
Cleans up traces left behind by PUPs
What it does for you
Toolbar removal functionality
Browser extension removal functionality (Google Chrome, Firefox, Internet Explorer)
PUPs and adware removal functionality
Light footprint
Portable application—no installation necessary
What makes Junkware Removal Tool different?
Offers comprehensive junkware removal
Junkware Removal Tool is custom built to detect and remove over 250 junkware variants, including adware and unwanted toolbars.
Moves with you
Junkware Removal Tool is portable. There’s no need to install it on your computer—simply load it on a USB, plug the USB into your computer, and start cleaning.
Combines fast scanning with seamless removal
Got coffee? Junkware Removal Tool will typically disinfect a computer in under five minutes, so your machine is clean and pristine in the time it takes you to brew another cup.
Spells simplicity “CLI”
Junkware Removal Tool operates through a lean but flexible Command Line Interface (CLI) to reduce its system footprint and simplify operation.
Maintains a low profile
Junkware Removal Tool self-extracts and installs itself in the Temp folder. It’s unobtrusive, out of the way, and is easy to remove when the job is done.
Tech Specs
Version
8.1.4
Languages Available
English
Hardware Requirements
1024MB of RAM (256MB for Windows XP)
...

7,006

Jul 17, 2017Malwarebytes

Kaspersky CapperKiller 1.0.12.0
Kaspersky CapperKiller 1.0.12.0
The CapperKiller utility is designed for treating the aftermaths of a Trojan-Banker.Win32.Capper infection.
1. Signs of infection
The given piece of malware changes proxy settings in the following browsers (if installed on the host): Internet Explorer, Mozilla Firefox, Opera, Google Chrome (uses Internet Explorer settings). It adds a special URL to the Use automatic configuration script option in the Internet connection settings.
A reboot may be required after the treatment.
The CapperKiller utility performs the following:
Detects and fixes proxy settings in all browsers.
Detects and deletes malicious exec files.

1,418

Sep 29, 2017Kaspersky Lab

Kaspersky FippKiller 1.0.2
There is a special utility for curing an active Worm.Win32.Fipp.a infection.
Infection symptoms:
Significantly increased RDP traffic (brute-force attack).
Antivirus software performance degradation on many hosts in local network.
Infected hosts attempt to access URLs like *.ppift.*
How to disinfect an infected system:
Download the FippKiller.exe file.
Launch the FippKiller.exe file on the infected (or potentially infected) host.
It is recommended not to reboot hosts after using the utility until the network has been successfully disinfected.
Command line options to use with the utility:
-p <path> - scan a particular host;
-n – scan network volumes;
-r - scan flash drives, and removable USB / FireWire hard disks;
-y – close the window once the utility completes;
-s – scan in silent mode (without displaying the console window);
-l <file_name> - log file name;
-v – create a detailed log file (should be used with -l);
-m – system infection protection monitoring mode;
-q – scan the system, activate monitoring mode once the scan completes.

4,310

Sep 29, 2017Kaspersky

Kaspersky Free Antivirus v19.0.0.1088
Kaspersky Free Antivirus v19.0.0.1088
FREE AND FAST PROTECTION – FOR YOU AND YOUR PC
Blocks dangerous files, sites &amp; more
Blocks dangerous files, sites &amp; more
Protects your personal information
Protects your personal information
Secures – without slowing you down
Secures – without slowing you down
Automatically blocks dangerous files, websites &amp; applications
feature1
Our award-winning security automatically blocks dangerous downloads – and automatically warns you about malicious websites.
Helps you keep your personal information… safe &amp; sound
Every time you open an email or visit a website… we help keep you safe. All your emails are scanned… and phishing websites – that could try to steal your money or identity – are automatically blocked.
Delivers rapid protection that fits in with your busy life
feature3
Our security is designed to protect you – without getting in your way. With real-time data being fed directly from the cloud, your PC’s protected from the most common threats.
We do not support the beta versions/previews of new operating systems. Only final, officially released operating systems are supported by the product.
If you’re using Microsoft Windows XP, the product is not intended to operate on FAT32 file system.
Click here to visit the author's website.

722

Dec 01, 2018Kaspersky Labs

Kaspersky RakhniDecryptor 1.14.0.0
Kaspersky RakhniDecryptor 1.14.0.0
RakhniDecryptor utility for removing Trojan-Ransom.Win32.Rakhni malicious software (.oshit and others)
The malicious programs Trojan-Ransom.Win32.Rakhni, Trojan-Ransom.Win32.Agent.iih, Trojan-Ransom.Win32.Aura, Trojan-Ransom.Win32.Autoit, and Trojan-Ransom.AndroidOS.Pletor are used by malefactors to encrypt files so that their extensions are changed as follows:
<filename>.<original_extension>.<locked>
<filename>.<original_extension>.<kraken>
<filename>.<original_extension>.<darkness>
<filename>.<original_extension>.<nochance>
<filename>.<original_extension>.<oshit>
<filename>.<original_extension>.<oplata@qq_com>
<filename>.<original_extension>.<relock@qq_com>
<filename>.<original_extension>.<crypto>
<filename>.<original_extension>.<helpdecrypt@ukr.net>
<filename>.<original_extension>.<pizda@qq_com>
<filename>.<original_extension>.<dyatel@qq_com>
<filename>.<original_extension>_crypt
<filename>.<original_extension>.<nalog@qq_com>
<filename>.<original_extension>.<chifrator@qq_com>
<filename>.<original_extension>.<gruzin@qq_com>
<filename>.<original_extension>.<troyancoder@qq_com>
<filename>.<original_extension>.<encrypted>
<filename>.<original_extension>.<cry>
<filename>.<original_extension>.<AES256>
<filename>.<original_extension>.<enc>
<filename>.<original_extension>.<coderksu@gmail_com_id371>
<filename>.<original_extension>.<coderksu@gmail_com_id372>
<filename>.<original_extension>.<coderksu@gmail_com_id374>
<filename>.<original_extension>.<coderksu@gmail_com_id375>
<filename>.<original_extension>.<coderksu@gmail_com_id376>
<filename>.<original_extension>.<coderksu@gmail_com_id392>
<filename>.<original_extension>.<coderksu@gmail_com_id357>
<filename>.<original_extension>.<coderksu@gmail_com_id356>
<filename>.<original_extension>.<coderksu@gmail_com_id358>
<filename>.<original_extension>.<coderksu@gmail_com_id359>
<filename>.<original_extension>.<coderksu@gmail_com_id360>
<filename>.<original_extension>.<coderksu@gmail_com_id20>
<filename>.crypt@india.com.random_characters>
<filename>.<original_extension>.<hb15>
For example:
Before: file.doc / After: file.doc.locked
Before: 1.doc / After: 1.dochb15
To regain control over the files encrypted by Trojan-Ransom.Win32.Rakhni, Trojan-Ransom.Win32.Aura, Trojan-Ransom.Win32.Agent.iih, Trojan-Ransom.Win32.Autoit, and Trojan-Ransom.AndroidOS.Pletor, use the RakhniDecryptor utility developed by Kaspersky Lab specialists.
1. How to work with the utility
IMPORTANT: Trojan-Ransom.Win32.Rakhni creates the exit.hhr.oshit file that contains an encrypted password to user's files. If this file remains on the computer, it will make decryption with the RakhniDecryptor utility faster. If the file has been removed, it can be recovered with file recovery utilities. After the file is recovered, put it into %APPDATA% and run the scan with the utility once again. The exit.hhr.oshit file has the following path:
Windows XP: C:\Documents and Settings\<username>\Application Data
Windows 7/8: C:\Users\<username>\AppData\Roaming
To decrypt ...

4,355

Sep 29, 2017Kaspersky Lab

Kaspersky RannohDecryptor 1.8.0.0
Kaspersky RannohDecryptor 1.8.0.0
If the system is infected by a malicious program of the family Trojan-Ransom.Win32.Rannoh , Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, or Trojan-Ransom.Win32.Cryakl, all files on the computer will be encrypted in the following way:
In case of a Trojan-Ransom.Win32.Rannoh infection, file names and extensions will be changed according to the template locked-<original name>.<four random letters>.
In case of a Trojan-Ransom.Win32.Cryakl infection, the tag {CRYPTENDBLACKDC} is added to the end of file names.
In case of a Trojan-Ransom.Win32.AutoIt infection, extensions will be changed according to the template <original name>@<mail server>_.<random set of characters>. Example: ioblomov@india.com_RZWDTDIC.
To decrypt files affected by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola or Trojan-Ransom.Win32.Cryakl, use the RannohDecryptor utility.

1,857

Sep 29, 2017Kaspersky Lab

Kaspersky RectorDecryptor 2.6.35.0
Kaspersky RectorDecryptor 2.6.35.0
Cybercriminals use Trojan-Ransom.Win32.Rector for disrupting normal performance of computers and for unauthorized modification of data making it unusable. Once the data has been “taken hostage” (blocked), its owner (user) receives a ransom demand. The victim is supposed to deliver the ransom in exchange for pirate's promise to send a utility that would restore the data or repair the PC.
Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. The utility has a GUI.
Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector:
Download the utility RectorDecryptor.zip to an infected computer;
Extract its content using an archiver (WinZip, e.g.);
Run the file RectorDecryptor.exe;
The utility starts working by clicking the button Start scan.
It finds and decrypts encrypted files.
Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.

4,367

Sep 29, 2017Kaspersky Lab

Kaspersky Rescue Disk 11-24-17
Kaspersky Rescue Disk 11-24-17
Boot from the Kaspersky Rescue Disk to scan and remove threats from an infected computer without the risk of infecting other files or computers.
If your computer is infected with the ransom malware, then use a special Kaspersky WindowsUnlocker utility.
Ransom malware blocks access to data so that the user can no longer use it and prevents the computer from running correctly. Once the data has been blocked or encrypted, the user will receive a ransom demand.
In order to disinfect the registry using Kaspersky WindowsUnlocker, perform the following actions:
If you booted Kaspersky Rescue Disk in the graphic mode, click the button К ; in the bottom right corner of the screen and in the menu select Terminal. In the command prompt enter the command windowsunlocker and press Enter on the keyboard.
Burn this ISO image to a CD, insert it into the infected system's CD-ROM drive, enter the PC's BIOS, set it to boot from the CD and reboot the computer.
This lists the Gentoo-specific options, along with a few options that are built-in to the kernel, but that have been proven very useful to our users.
Also, all options that start with "do" have a "no" inverse, that does the opposite. For example, "doscsi" enables SCSI support in the initial ramdisk boot, while "noscsi" disables it. Easily remove malicious objects from your computer without the risk of getting infected.

4,730

Nov 24, 2017Kaspersky

Kaspersky ScatterDecryptor 1.0.0.0
Kaspersky ScatterDecryptor 1.0.0.0
If your computer is infected with Trojan-Ransom.BAT.Scatter, use the ScatterDecryptor utility for restoring encrypted files. Trojan-Ransom.BAT.Scatter encrypts user files with a public key and changes their extensions. The files can only be decrypted with a unique secret key.
ScatterDecryptor restores the files only if the utility contains a certain Trojan-Ransom.BAT.Scatter modification's secret key.

2,976

Sep 29, 2017 Kaspersky Labs International Ltd.

Kaspersky ScraperDecryptor 1.0.0.0
Kaspersky ScraperDecryptor 1.0.0.0
The malicious program Trojan-Ransom.Win32.Scraper encrypts user files to block access to them. After the data has been blocked, the user is required to pay a ransom.
To decrypt files affected by Trojan-Ransom.Win32.Scraper, use the ScraperDecryptor utility developed by Kaspersky Lab engineers.

2,044

Sep 29, 2017 Kaspersky Lab

Kaspersky TDSSKiller v3.1.0.21
Kaspersky TDSSKiller v3.1.0.21
A rootkit is a program or a program kit that hides the presence of malware in the system.
A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.
The utility supports 32-bit and 64-bit operation systems.
The utility can be run in Normal Mode and Safe Mode.
The TDSSKiller utility fights malware family Rootkit.Win32.TDSS, bootkits and rootkits:
Backdoor.Win32.Phanta.a,b
Backdoor.Win32.Sinowal.knf,kmy
Backdoor.Win32.Trup.a,b
Rootkit.Boot.Aeon.a
Rootkit.Boot.Adrasteia.a
Rootkit.Boot.Backboot.a
Rootkit.Boot.Backboot.c
Rootkit.Boot.Batan.a
Rootkit.Boot.Bootkor.a
Rootkit.Boot.Clones.a
Rootkit.Boot.CPD.a,b
Rootkit.Boot.Fisp.a
Rootkit.Boot.Geth.a
Rootkit.Boot.Goodkit.a
Rootkit.Boot.Harbinger.a
Rootkit.Boot.Krogan.a
Rootkit.Boot.Lapka.a
Rootkit.Boot.Mebusta.a
Rootkit.Boot.MyBios.b
Rootkit.Boot.Nimnul.a
Rootkit.Boot.Nix.a
Rootkit.Boot.Pihar.a,b,c
Rootkit.Boot.Plite.a
Rootkit.Boot.Prothean.a
Rootkit.Boot.Qvod.a
Rootkit.Boot.Sawlam.a
Rootkit.Boot.Smitnyl.a
Rootkit.Boot.SST.a,b
Rootkit.Boot.SST.b
Rootkit.Boot.Wistler.a
Rootkit.Boot.Xpaj.a
Rootkit.Boot.Yurn.a
Rootkit.Win32.PMax.gen
Rootkit.Win32.Stoned.d
Rootkit.Win32.TDSS
Rootkit.Win32.TDSS.mbr
Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k
Trojan-Clicker.Win32.Wistler.a,b,c
Trojan-Dropper.Boot.Niwa.a
Trojan-Ransom.Boot.Mbro.d,e
Trojan-Ransom.Boot.Mbro.f
Trojan-Ransom.Boot.Siob.a
Trojan-Spy.Win32.ZBot
Virus.Win32.Cmoser.a
Virus.Win32.Rloader.a
...

6,244

Nov 29, 2018Kaspersky Lab

Kaspersky Virus Removal Tool 2018.01.14
Kaspersky Virus Removal Tool 2018.01.14
Kaspersky Virus Removal Tool is a utility designed to remove all types of threats from computers. Kaspersky Virus Removal Tool uses the effective detection algorithms realized in Kaspersky Anti-Virus and AVZ.
Kaspersky Virus Removal Tool does not provide resident protection for your computer. After disinfecting a computer, you are supposed to remove the tool and install a full version of antivirus software.
Advantages:
Simplified interface.
Can be installed to an infected computer (Safe Mode supported).
Composite scan and disinfection system: signature detection and heuristic analyzer.
Gathering system information and interactive creation of scripts for disinfection.
General functions:
Automatic and manual removal of virus, Trojans and worms.
Automatic and manual removal of Spyware and Adware modules.
Automatic and manual removal of all types of rootkits.
Known issues:
System memory scan is unavailable in x64 versions of Windows XP / Vista / 7 due to specific features of application system drivers.
Impossible to rename application folder if User Account Control is enabled in Windows Vista settings and application Self-Defence disabled.
Support rules for Kaspersky Virus Removal Tool:
Technical support is provided only for users of Kaspersky Anti-Virus and Kaspersky Internet Security. If you are not a user of a Kaspersky Lab product, then in order to get technical support available for the tool, visit Kaspersky Lab
The tool should be used for disinfection purpose under expert guidance via the service http://kaspersky-911.com.
Unguided creation of scripts can result in a data loss or crippled computer.
Having virus on your computer is always a risk of crippling it or losing data. Kaspersky Lab does not take any responsibility for the possible harm inflicted by virus during disinfection.

Malwarebytes Anti-Exploit v1.12.1.137
Malwarebytes Anti-Exploit v1.12.1.137
Malwarebytes Anti-Exploit protects you against the security vulnerabilities in the code, which make up your software programs. Your software contains millions of lines of code, which unfortunately some people want to exploit.
Malwarebytes Anti-Exploit protects you from these vulnerabilities which people can manipulate in order to infect your system with malware. The software gives you three layers of security protection around popular browsers and applications, thereby preventing the vulnerable code from being exploited.
The software is not an antivirus product in itself, but it is compatible with most antivirus software.
KEY FEATURES INCLUDE
It protects browsers and their add-ons
Protects browser components
Protects media players and PDF readers
Allows you to manage custom shields
Best of all, it's free!
Changelog
We're happy to announce the release of Malwarebytes Anti-Exploit Beta 1.12 Build 137.
This is a full Beta version with premium features available to Free users:
Protection:
New Updated Protection for Chrome and Edge Browsers
Stability/issues fixed:
Fixed False positives with Leawo Blu-ray Player
Fixed False positives with ViewRight plugin
Fixed alert notification issues

4,603

Nov 16, 2018Malwarebytes

Malwarebytes Anti-Ransomware beta9 - build 0.9.18.807
Malwarebytes Anti-Ransomware beta9 - build 0.9.18.807
Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.
These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1.
This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before.
Malwarebytes Anti-Ransomware open beta starts today and is available for anyone to install and try out. Please keep in mind that this is the first beta and there may be some bugs or issues that need to be worked out, so we encourage you to try it out in a non-production environment first.

1,458

Sep 21, 2017Malwarebytes

Malwarebytes Anti-Rootkit 1.10.3.1001
Malwarebytes Anti-Rootkit 1.10.3.1001
Malwarebytes Anti-Rootkit is a handy and reliable application designed to scan, detect and clean malicious rootkits that reside on your computer.
The archive also includes a handy utility that repairs the damage caused by the presence of rootkits. This operation requires a reboot in order to apply the fixes.

4,541

Nov 02, 2017Malwarebytes

Malwarebytes Chameleon 3.1.33
Malwarebytes Chameleon 3.1.33
Malwarebytes Chameleon technologies gets Malwarebytes Anti-Malware installed and running even when blocked by malicious programs.
This program contains all up-to-date versions of Malwarebytes Anti-Malware.
There are certain variants of malware that are designed to stop security programs from being installed and run on infected systems.
Simply put, Chameleon is a tool that disguises Malwarebytes Anti-Malware (MBAM) so it can avoid the active infection designed to stop it allowing MBAM to be installed and run.
Chameleon will also kill any known bad processes that are actively stopping MBAM from installing or running.
If at any time your machine is infected and you try and install MBAM but you are unable to do so, or if you already have the program installed and try to run it but you are unable to do so, then it could be an infection preventing the installation or execution of the program.
This is when Chameleon should be deployed, Chameleon will install its own driver and start to run, it will update MBAM to the latest definitions, (if already installed), kill any known malicious processes that are preventing MBAM from being installed or run, it will then launch MBAM automatically and a scan will begin.

3,346

Jan 02, 2017Malwarebytes

Malwarebytes FileASSASSIN 1.06
Malwarebytes FileASSASSIN 1.06
FileASSASSIN can eradicate any type of locked files from your computer.
If you use a computer, you've probably come across at least one of the following messages:
Cannot delete file: Access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use
The source or destination file may be in use
The file is in use by another program or user
These messages commonly appear when you're trying to delete files deposited by a malware infection, though occasionally a file just goes on lockdown. Whatever the reason for the file, FileASSASSIN can remove it
Advanced programming techniques unload modules, close remote handles, and terminate processes in order to remove the particular locked file.
Warning: Please use caution with FileASSASSIN as deleting critical system files may cause system errors.
Usage
Start FileASSASSIN and select a file by dragging it onto the text area or selecting it using the (...) button.
Select a removal method from the list
Click Execute and the removal process will commence

1,356

Feb 02, 2016Malwarebytes

McAfee GetSusp v3.0.0.603 32bit
McAfee GetSusp v3.0.0.603 32bit
McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) File Reputation database to gather suspicious files.
Features
Delivered as a single executable file with no installation required.
Option to run in different modes – GUI and command line.
Leverages GTI File Reputation to determine if the sample is suspicious.
Records system and installed McAfee product information date of execution and details of suspected files.
GetSusp supports Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2016 and Windows 7, 8, 8.1, and 10 (up to RS4).
Click here to visit the author's website.

545

Dec 03, 2018McAfee

McAfee GetSusp v3.0.0.603 64bit
McAfee GetSusp v3.0.0.603 64bit
McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) File Reputation database to gather suspicious files.
Features
Delivered as a single executable file with no installation required.
Option to run in different modes – GUI and command line.
Leverages GTI File Reputation to determine if the sample is suspicious.
Records system and installed McAfee product information date of execution and details of suspected files.
GetSusp supports Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2016 and Windows 7, 8, 8.1, and 10 (up to RS4).
Click here to visit the author's website.

38

Dec 03, 2018McAfee

McAfee Rootkit Remover 0.8.9.209
McAfee Rootkit Remover 0.8.9.209
McAfee Rootkit Remover is a stand-alone utility used to detect and remove complex rootkits and associated malware. Currently it can detect and remove ZeroAccess, Necurs and TDSS family of rootkits. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool.
How do you use RootkitRemover?
Download the latest version of RootkitRemover
When prompted, choose to save the file to a convenient location on your hard disk, such as your Desktop folder.
When the download is complete, navigate to the folder that contains the downloaded RootkitRemover file, and run it. It is best to run the tool in Administrator mode.
The tool then runs a window which shows the status of the process. The various stages are:
Initializing
Scanning
Cleaning
When the process is completed, it prompts the user to press any key to exit the tool.
It is recommended to reboot the system and perform a full scan with the McAfee VirusScan to remove remnants of the infection that might still be left on the system.
Frequently Asked Questions
Q: What is the need for the RootkitRemover tool?
A: RootkitRemover is not a substitute for a full anti-virus scanner. It is designed to detect and remove specific rootkit infections.
Q: How to use the RootkitRemover tool?
A: The tool can be run by either double clicking it or through the command-line. It is advisable to run a full system scan using McAfee VirusScan after removing any infection with the tool.
Q: How do I save the scan results to a log file?
A: The tool is designed to automatically save the report in the same folder as the tool is placed.
Q: Why do I need to rescan with McAfee VirusScan? Would I need ...

1,715

Jul 14, 2017McAfee Labs

McAfee Stinger 32bit with Real Protect v12.1.0.2985
McAfee Stinger 32bit with Real Protect v12.1.0.2985
McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with infected system. Details on new or enhanced signatures added with each Stinger build are listed in the Readme details.
Stinger now includes Raptor - a real-time behavior detection technology that monitors suspicious activity on an endpoint. Raptor leverages machine learning and automated behavioral based classification in the cloud to detect zero-day malware in real-time.
Stinger Release Notes
Build Number: 12.1.0.2985
Build Date: 14-Dec-2018
Stinger 32bit MD5: adb2495ffe5f916b27c5dd8483c7bacb
SHA1: 64d11a7366e92657ccc1f3ef73533e70236ab790
Stinger-ePO 32bit MD5: 4d725d3ecb7e9470457b36b98bdd973d
SHA1: 3b4bac0a127f98102875289eee70a84df4129549
Stinger 64bit MD5: 29194e398c2d88e3436ab737e88f0ffb
SHA1: 67882f8c7b69c565408be892377998f4bb31b497
Stinger-ePO 64bit MD5: 2a727b5a6ddd797bd3f60f3f399bc193
SHA1: b1c4c50b66bd7621d720c3c1fbbb575347ae76e5
Enhanced detections are those that have been ...

5,242

Dec 14, 2018McAfee Security Products and Services

McAfee Stinger 64bit with Real Protect v12.1.0.2985
McAfee Stinger 64bit with Real Protect v12.1.0.2985
McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with infected system. Details on new or enhanced signatures added with each Stinger build are listed in the Readme details.
Stinger now includes Raptor - a real-time behavior detection technology that monitors suspicious activity on an endpoint. Raptor leverages machine learning and automated behavioral based classification in the cloud to detect zero-day malware in real-time.
Stinger Release Notes
Build Number: 12.1.0.2985
Build Date: 14-Dec-2018
Stinger 32bit MD5: adb2495ffe5f916b27c5dd8483c7bacb
SHA1: 64d11a7366e92657ccc1f3ef73533e70236ab790
Stinger-ePO 32bit MD5: 4d725d3ecb7e9470457b36b98bdd973d
SHA1: 3b4bac0a127f98102875289eee70a84df4129549
Stinger 64bit MD5: 29194e398c2d88e3436ab737e88f0ffb
SHA1: 67882f8c7b69c565408be892377998f4bb31b497
Stinger-ePO 64bit MD5: 2a727b5a6ddd797bd3f60f3f399bc193
SHA1: b1c4c50b66bd7621d720c3c1fbbb575347ae76e5
Enhanced detections are those that have been ...

5,066

Dec 14, 2018McAfee Security Products and Services

Metadefender Cloud Client 4.0.13
Metadefender Cloud Client 4.0.13
Metadefender Cloud Client is the most thorough free malware analysis tool available. By running data through Metadefender Cloud, Cloud Client performs a deep endpoint forensic analysis for malware using several unique methods. Look for threats and assess the security state of your endpoint if you think it may be compromised.
Methods:
Memory Module Multi-Scanning: process and dynamic link library (DLL) analysis using over 40 anti-malware engines
Local Anti-malware Analysis: a unique and effective analysis of anti-malware log files
Rogue IP Detection: ensuring there are no network connections to a rogue IP address using several IP reputation sources
Memory Module Multi-Scanning
Running over 40 anti-malware engines that use heuristic detection, Metadefender Cloud Client analyzes all running processes and loaded memory modules. It performs a deep scan, analyzing the DLLs accessed by these processes for malware as well. This results in a deeper analysis than that of other free tools like Process Explorer or VirusTotal.
And it does all this quickly – in just a few minutes.
When you run it, Metadefender Cloud Client begins scanning all processes and DLL files for any threat.
Once the analysis is complete, you’ll see a summary at the top of the window of how many potential threats of all kinds were identified.
You’re able to click on each individual result and see the specific processes and DLLs that may be infected. Cloud Client is unique in allowing you to review the results on such a granular level.
Highlight a process to see the results of the analysis. Click the arrow next to it in order to see the libraries accessed by the application while it runs.
Then, click on individual DLL files to see the threats identified, and which specific anti-malware engines identified them.
You can also see a list of potentially ...

Microsoft Safety Scanner 1.275.1003.0
Microsoft Safety Scanner 1.275.1003.0
Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.
Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.
System requirements
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.
How to run a scan
Download this tool and open it.
Select the type of scan you want run and start the scan.
Review the scan results displayed on screen. The tool lists all identified malware.
To remove this tool, delete the executable file (msert.exe by default).

745

Sep 10, 2018Microsoft Corp.

MJ Registry Watcher 1.2.8.6
MJ Registry Watcher 1.2.8.6
MJ Registry Watcher is a simple registry, file and directory hooker/poller, that safeguards the most important startup files, registry keys and values, and other more exotic registry locations commonly attacked by trojans. It has very low resource usage, and is set to poll every 30 seconds by default, although you can adjust this to anywhere between 0 and 9999. A configuration file stores all your settings for future use. MJRW not only polls the system, but it also hooks it, so that most changes to keys, files and directories are reported instantaneously. Key deletions are still caught by the polling loop though, since they cannot be hooked. Exactly which keys and files are protected can be completely configured by the user, although the sets I supply with MJRW will cover most standard PCs.
There is an additional automatic registry backup system that takes a snapshot of the entire registry about every 28 days and stores it in the directory MJRegBackup. The filename is of the form MJRegBackup_yyyymmdd.reg where yyyy is the year, mm is the month and dd is the day. The last 15 snapshots are kept. They can be restored from a menu option : this can be used in Safe Mode as administrator to rescue a non-booting PC. It should only be used as a last resort : it saved my PC when I accidentally knocked out the video drivers during an over-zealous session in the registry, cleaning out "LogMeIn"!
To install it, extract the files with pathnames, and you'll have a self-contained .exe file with a small help text file, the keys and files lists, and a couple of exclusion files in the MJRegWatcher directory. Launch RegWatcher.exe and then, use the Options, Settings, Automatic Startup Options screen to install it either just for the current ...

364

Jul 16, 2018Mark Jacobs

Norton Power Eraser 5.2.0.19
Norton Power Eraser 5.2.0.19
Norton Power Eraser is a powerful removal tool that may help you clean up certain types of difficult to remove security risks. If a program has hijacked your computer and you are having difficulty detecting or removing it, Norton Power Eraser may be able to clean your computer.
Norton Power Eraser includes detection and removal capabilities for security risks that impersonate legitimate applications (for example, fake antivirus software), often known as "scareware", "rogueware" or "scamware". The tool uses more aggressive techniques than your Norton security product, hence there is a risk that it will flag legitimate programs for removal. You should carefully review the scan results page before removing any files.
Scanning and Cleaning with Norton Power Eraser
You do not need to install Norton Power Eraser. When the download is complete, just double click the icon on your desktop and the tool will start. You will need to accept the End User License Agreement before running a scan.
Settings
Click Settings on the main Norton Power Eraser screen to set up a network proxy or adjust log settings. If you choose to delete log history, you cannot undo any previous fix sessions. Click OK or Cancel to return to the main screen.
View Scan Logs
During every System Scan, Norton Power Eraser creates a log of important system information such as:
The operating system present on the computer
The installed drivers
The processes and the services running on the computer
The startup items
The browser plug-ins
The files detected as risks and the actions taken
To see the log, click the View Log link at the bottom of the screen. The log is in XML format, so for best results, you should use an XML viewer.
Restoring a Previous Session
To restore previously removed files, click the REVIEW button found on the main Window.

OTL 3.2.69.0
OTL 3.2.69.0
OTL, or OldTimer ListIt, is a tool that is used to diagnose a computer for a possible malware presence and to provide system diagnostics information that can by someone working on a computer. When run, OTL will scan your computer for a variety of information and then generate a report with a tremendous amount of information about your computer's hardware, programs, files, and running environment.

2,012

Apr 23, 2017OldTimer

Panda Cloud Cleaner 1.1.10
Panda Cloud Cleaner 1.1.10
An advanced disinfector that detects malware that traditional security solutions cannot detect.
A second opinion on the security of your PC.
Greater detection capacity than traditional antivirus solutions thanks to its latest generation technologies.
Online detection of all types of malware, vulnerabilities and unknown threats.
Easy to use from your browser and always up-to-date against the latest threats.
A free report about threats detected and the status of the security protection installed on your computer.
Compatible with any installed antivirus, the most popular browsers and the latest versions of Windows, including Windows 10.

4,394

Nov 16, 2017Panda Security

PE-sieve 0.1.4.3 32bit
PE-sieve 0.1.4.3 32bit
PE-sieve is a light-weitht tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
Usage
It has a simple, commandline interface. When run without parameters, it displays info about the version and required arguments:
When you run it giving a PID of the running process, it scans all the PE modules in its memory (the main executable, but also all the loaded DLLs). At the end, you can see the summary of how many anomalies have been detected of which type.
In case if some modified modules has been detected, they are dumped into a folder of a given process, for example:
JSON report specifies where the implants were found:
Detailed characteristics of the suspicious indicators are given in the JSON report, that is dumped into the same folder.
Short history &amp; features from the author
Detecting inline hooks and patches
I started creating it for the purpose of searching and examining inline hooks. You can see its initial version here:
With time its precision and abilities significantly improved, and hooking detection is only one of many features of this tool.
In case if the code of the original executable was patched in memory, additionally to the main JSON report, PE-sieve generates a TAG file.
Its purpose is to describe at which offset a patch has been found, and of what type (either a patch, or a hook/redirection). We can easily see what function has been hooked and where the redirection leads to.
The file that was patched is also dumped on the disk, so that we can examine it more closely under a dissembler. The TAG file can ...

213

Sep 13, 2018Hasherezade

PE-sieve 0.1.4.3 64bit
PE-sieve 0.1.4.3 64bit
PE-sieve is a light-weitht tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches.
Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
Usage
It has a simple, commandline interface. When run without parameters, it displays info about the version and required arguments:
When you run it giving a PID of the running process, it scans all the PE modules in its memory (the main executable, but also all the loaded DLLs). At the end, you can see the summary of how many anomalies have been detected of which type.
In case if some modified modules has been detected, they are dumped into a folder of a given process, for example:
JSON report specifies where the implants were found:
Detailed characteristics of the suspicious indicators are given in the JSON report, that is dumped into the same folder.
Short history &amp; features from the author
Detecting inline hooks and patches
I started creating it for the purpose of searching and examining inline hooks. You can see its initial version here:
With time its precision and abilities significantly improved, and hooking detection is only one of many features of this tool.
In case if the code of the original executable was patched in memory, additionally to the main JSON report, PE-sieve generates a TAG file.
Its purpose is to describe at which offset a patch has been found, and of what type (either a patch, or a hook/redirection). We can easily see what function has been hooked and where the redirection leads to.
The file that was patched is also dumped on the disk, so that we can examine it more closely under a dissembler. The TAG file can ...

222

Sep 13, 2018Hasherezade

PeStudio v8.86
PeStudio v8.86
pestudio is used by many Cyber Emergency Response Teams (CERT) worldwide in order to perform malware initial assessments.
Malicious software often attempts to hide its intents in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, anomalies and other indicators.
The goal of pestudio is to spot these artifacts in order to ease and accelerate Malware Initial Assessment. The tool uses a powerful parser and a flexible set of configuration files that are used to detect various types of indicators and determine thresholds. Since the file being analyzed is never started, you can inspect unknown or malicious executable file, trojan and ransomware without any risk of infection.
features
pestudio implements a rich set of features that is especially designed to retrieve every single detail of any executable file. Results are checked against the Microsoft specification. Additionally, the content of the file being analyzed is checked against several white and black lists and thresholds.
pestudio can query Antivirus engines hosted by Virustotal. Only the MD5 of the file being analyzed is sent. This feature can be switched ON or OFF using an XML file included with pestudio.
Even a suspicious binary file must interact with the operating system in order to perform its activity.
pestudio retrieves the libraries and the functions referenced. Several XML files are used to blacklist functions (e.g. Registry, Process, Thread, File, etc). Blacklist files can be customized and extended according to your own needs. pestudio brings out the intent and purpose of the application analyzed.
Resources sections are commonly used by malware to host payload.
pestudio detects many embedded file types (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, etc ). Detected items can be saved to a file, allowing therefore the possibility of further analysis.
The goal of ...

4,468

Dec 16, 2018Marc Ochsenmeier

Phrozen ADS (Alternate Data Stream) Revealer 1.0.5642
Phrozen ADS (Alternate Data Stream) Revealer 1.0.5642
Phrozen ADS (Alternate Data Stream) Revealer is a Microsoft Windows program, especially designed to reveal possible malicious ADS files in your file system. Since the Alternate Data Stream functionality is only available for NTFS (New Technology File System), the program is able to scan and detect this kind of files only for this type of file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device).
If some ADS Files are detected during the scan you then can decide wether or not you want to keep them or to back them up. You can also have a content preview to detect in one glance if it looks legitemate or not. Phrozen ADS Revealer is the perfect tool to sanitize your NTFS file systems against bloated content or hidden malwares. Another great tool to put in your collection and 100% free.
What are Alternate Data Stream
Alternate data streams allow more than one data stream to be associated with a filename, using the format "filename:streamname" (e.g., "text.txt:extrastream"). NTFS Streams were introduced in Windows NT 3.1, to enable Services for Macintosh (SFM) to store resource forks. Although current versions of Windows Server no longer include SFM, third-party Apple Filing Protocol (AFP) products (such as GroupLogic's ExtremeZ-IP) still use this feature of the file system. Very small ADS (called Zone.Identifier) are added by Internet Explorer and recently by other browsers to mark files downloaded from external sites as possibly unsafe to run; the local shell would then require user confirmation before opening them.[21] When the user indicates that they no longer want this confirmation dialog, this ADS is deleted. Alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. They are ignored when the file is copied or moved ...

1,374

Jan 16, 2016PHROZEN SAS

PPEE (puppy) 1.12
PPEE (puppy) 1.12
PPEE (puppy) is a Professional PE file Explorer for
reversers, malware researchers and those who want to statically inspect PE files in more details
Puppy is free and tries to be small, fast, nimble and
friendly as your puppy!
Visual C++ 2010 Redistributable Package required
Features
Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.
Both PE32 and PE64 support
Examine YARA rules against opened file
Virustotal and OPSWAT's Metadefender query report
Statically analyze windows native and .Net executables
Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
Edit almost every data structure
Easily dump sections, resources and .Net assembly directories
Entropy and MD5 calculation of the sections and resource items
View strings including URL, Registry, Suspicious, ... embedded in files
Detect common resource types
Extract artifacts remained in PE file
Anomaly detection
Right-click for Copy, Search in web, Whois and dump
Built in hex editor
Explorer context menu integration
Descriptive information for data members
Refresh, Save and Save as menu commands
Drag and drop support
List view columns can sort data in an appropriate way
Open file from command line
Checksum validation
Plugin enabled
About ...

676

Aug 22, 2018Zaderostam

RansomNoteCleaner 0.9.4.1
RansomNoteCleaner 0.9.4.1
RansomNoteCleaner (beta) is a program I have created to help remove pesky ransom notes left behind by known ransomware variants.
This program is powered by my service ID Ransomware, and thus is always updated with definitions on the latest known ransomwares and their ransom notes. This also allows it to be flexible in detecting the ransom notes, as it uses the exact same data ID Ransomware uses for identifying variants.
When RansomNoteCleaner is first launched, it will contact the website, and pull down the latest information on known ransom notes; this is the only network activity done with the program, and no information about your system is uploaded or stored at all. If you have a network issue with reaching the website, the "Refresh Network" button is available to try again.
Clicking the "Select Ransomware(s)" button allows for selecting the exact variant(s) to clean ransom notes from. This is recommended if you have already identified the ransomware, as it will take much less time to search for the notes.
Once the ransomware variant(s) have been confirmed, you may press the "Search for Ransom Notes" button to select a directory (or whole drive), and start the search for known ransom notes.
Once the scan has completed, the "Clean!" button will be available. A final window will display all found ransom notes before continuing with deletion. I highly recommend double-checking the file list before confirming the deletion. I am not responsible for loss of data if you confirm this step.
A full log of deleted ransom notes will be saved to a file "RansomNoteCleaner.log" in the same directory RansomNoteCleaner is run from.
Please note that this program does not decrypt data. It is simply a tool for removing the pesky ransom notes that are littered on the system after a ransomware attack.
Please also ...

669

Jan 30, 2018Demonslay335

RegRun Reanimator 9.30.0.630
RegRun Reanimator 9.30.0.630
What is RegRun Reanimator?
Reanimator is a software for removing Trojans/Adware/Spyware/Malware and some of the rootkits.
Reanimator does not contain any adware/spyware modules.
Supported Windows 95/98/Me/NT4/2000/XP/2003/VISTA/Seven/Windows8/10 32 and 64 bit
Compatible with all known antiviral software.
Reanimator is free of charge for personal (non-commercial using).
What is Reanimator's purpose?
The main purpose of the Reanimator is remote malicious program removal.
A user sends his Reanimator report to the support team
File Name: regrunlog.txt
Greatis Support team analyzes the user's report and creates the cure file "RNR.RNR".
The user opens RNR.RNR and executes removal procedure
Getting Started
1. Save downloaded reanimator.zip to your hard drive.
2. Unzip reanimator.zip to any folder on your hard drive.
3. Open ReanimatorStart.exe and proceed installation.
If you have installed UnHackMe you will be prompted for updating UnHackMe Reanimator.
4. Click Next.
5. Click Send Report.
Wait for a coulpe of seconds...
6. Choose Yes. After that click "OK".
7. Wait for connection with Greatis Software Support Center via your Internet browser.
8. Fill in the ticket form.
Click Browse and locate "regrunlog.txt" on your desktop.
Do not paste the regrunlog.txt contents directly to the Message box.
Please, describe your problem in detail in the Message field.
9. You will receive our confirmation e-mail message to your e-mail box.
Later you can logon to the Support Center using your Ticket ID and your e-mail.
10. You will get an answer from the Greatis Software Support Team within 1-2 working days.
Please, set up your spam filter for allowing to receive messages from greatissoftware.com and from greatis.com.
RegRun Reanimator - Automatic Malware Removal
Reanimator allows you to automatically delete malware using the special command files called RNR files, received from Greatis Software support team or made by a user.
After receiving response to your open ticket from support team, you will see "regrunlog.rnr" file attached to your ticket.
Also, you can receive "rnr" file attached to the mail message or download from web site.
Save ...

684

Oct 27, 2017Greatis Software

Rem-VBSworm 7.0.0
Rem-VBSworm 7.0.0
A small tool that will aid you to remove VBS malware (and unhide your files) from a machine or in a network. The tool is written entirely in batch.
Instructions on using Rem-VBSworm
You should run the script in the following sequence, at least on a normal machine:
Plug in your infected USB (if any) and choose A, then B and afterwards C.
After these steps, perform a full scan with your installed antivirus product or perform an online scan.
Some tips and tricks:
Using option A, the tool will attempt to clean the infection. It will also fix any registry changes made by the malware. (for example it will re-enable Task Manager should it be disabled).
! When you use option B, be sure to type only the letter of your USB drive!
So if you have a USB drive named G:\, you should only type G
This option will eradicate any related malware on the USB drive, as well as unhide your files (make them visible again).
With option C you can download Panda USB Vaccine to prevent any other autorun malware entering your computer.
With option D you have the possibility to disable or re-enable the Windows Script Host (WSH), to prevent any malware abusing it.
I advise to end the script with Q as to ensure proper logfile closing. A logfile will open automatically, but is also created by default on the C:\ drive. (C:\Rem-VBS.log)
When the tool is running, do not use the machine for anything else.
(it takes about 30 seconds to run)
If VBS malware is found, it will be automatically removed and a copy ...

1,372

Mar 12, 2016Bart Blaze

RepairDNS 2017.7.1.2
RepairDNS 2017.7.1.2
RepairDNS is a Nicolas Coolman utility that allows to detect and remove certain DNS infection. This is particularly the case of hosts file infection that modifies the dynamic link resource "dnsapi" in order to create forwarding addresses in the Hostsfile (Jabuticaba, La Superba, V-Bates,...) . In principle this tool find a healthy copy of the infected resource and replaces it. A report is available on the user'sdesktop, it can be requested by a security expert in a forum of disinfection. The utility is portable, it means that it requires no installation.
System : Windows XP/Vista/7/8/10

733

Jul 05, 2017Nicolas Coolman

RKill 2.9.1 (updated)
RKill 2.9.1 (updated)
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then import a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

4,008

Nov 17, 2018Bleeping Computer

RogueKiller AntiMalware v13.0.13 32bit
RogueKiller AntiMalware v13.0.13 32bit
RogueKiller is an anti-malware program written in C++ and able to detect and remove generic malwares and some advanced threats such as rootkits, rogues, worms, …
Based on generic ways to find malwares by their behaviour (heuristics), on classic anti-malware analysis (signature finding) and on undocumented hacks, RogueKiller can find/remove most of the basic malwares (rogues, trojans, …) and some advanced threats like ZeroAccess or TDSS that behave more like rootkits.
RogueKiller is a tiny anti-malware maintained by a small team, and thus new detections are based on “most spread threats“. We react quickly to integrate detection and removal of what we think can be a global threat and affect a big amount of users across the world.
Here’s a little summary of what RogueKiller is able to do:
Kill malicious processes
Stop malicious services
Unload malicious DLLs from processes
Find/Kill malicious hidden processes
Find and remove malicious autostart entries, including :
Registry keys (RUN/RUNONCE, …)
Tasks Scheduler (1.0/2.0)
Startup folders
Find and remove registry hijacks, including :
Shell / Load entries
Extension association hijacks
DLL hijacks
Many, many others …
Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type “Fake HDD“
Read / ...